Page MenuHomePhabricator
Create Task
Maniphest T360730

Avoid manual review of translations that include HTML tags with `style=""` attributes
Open, Needs TriagePublicBUG REPORT
Actions

Description

Translations of messages are imported from translatewiki.net into Gerrit mostly automatically, but translations that include something that looks like HTML tags are checked. Some HTML tags and attributes are automatically allowed, but for all others, manual review is required. See the parent task.

Currently, the CI tools don't allow the HTML attribute "style", so every translation of messages with it has to be manually reviewed by translatewiki maintainers.

One path towards fixing this is to allow the attribute. This is very easy to do, but has a couple of issues:

  1. It's possible only if security experts are sure that it's not a security threat. (Tagging Security for that. Once that is reviewed, the project tag can be removed.)
  2. There are no good reasons to use this attribute in translations. Translations should be about human language, and they should only have minimal essential markup. The style attribute is not essential in messages.

The other path, which seems better, is to remove it from all the English messages in which it's currently, so that translators won't have a reason to use it. Luckily, there are very few such messages. In the extensions used by Wikimedia, there are two in the Math extension and one in WikimediaMessages, which overrides a message from the CheckUser extension. (There are a few more such messages in extensions that are stored on Wikimedia Gerrit, but not deployed on Wikimedia sites.)

Used by Wikimedia:

  • Math (patch; fixed by removing the HTML from the messages entirely; other styling may be added later, see the discussion in the comments)
  • WikimediaMessages (CheckUser) (patch)

Not used by Wikimedia (possibly an incomplete list; if you find more, please add):

  • PrivateDomains
  • SocialProfile
  • UserGroups
  • Video

Details

SubjectRepoBranchLines +/-
Remove style attribute from wikimedia-checkuser-toollinksmediawiki/extensions/WikimediaMessagesmaster+1 -1
Remove color from test result messagesmediawiki/extensions/Mathmaster+2 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Amire80 created this task.Mar 22 2024, 12:28 AM
Amire80 updated the task description. (Show Details)
Maintenance_bot added a project: Social-Tools.Mar 22 2024, 12:29 AM
ashley subscribed.Mar 22 2024, 1:12 AM

For PrivateDomains, SocialProfile and Video extension, as the maintainer I'd be more than happy to allow the tag, so please let me know what needs to be done for those repositories.

In general, I'm inclined to agree with the overall proposal of this task, but admittedly reality is a bit...different. Writing down my quick observations/notes here for future reference:

  • PrivateDomains - The only impacted message is privatedomains-instructions. This is probably the easiest of the bunch, could move the styles to a RL module and load it on the Special:PrivateDomains page but...why?
  • SocialProfile - Used by only one message (yay!) but it happens to be level-advanced-to (boo!) which is basically the top of a tech debt iceberg. It's a nightmare and it hasn't been enough many years that I'd be willing to touch that voluntarily.
  • Video extension - Like with PrivateDomains, the only offender is a "this is how you use this special page" type of message, video-addvideo-instructions, used on Special:AddVideo. It could likely be split into multiple messages (suggestions/patches on how to do that are more than welcome!), but I always figured that'd be more disruptive than anything else. In any case, the message and some of the PHP code it references could likely use another look: it's 2024, YouTube hasn't been providing Flash-only embed codes in years. (But even if and when updating the message, we do likely wanna keep some of the distinct styling in regardless.)
Dreamy_Jazz subscribed.Mar 22 2024, 1:32 AM

For CheckUser, there is no need for the style attribute and so it can be removed.

gerritbot added a comment.Mar 22 2024, 1:36 AM

Change #1013431 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/WikimediaMessages@master] Remove style attribute from wikimedia-checkuser-toollinks

https://gerrit.wikimedia.org/r/1013431

gerritbot added a project: Patch-For-Review.Mar 22 2024, 1:36 AM
Amire80 added a comment.Mar 22 2024, 1:36 AM
In T360730#9652596, @ashley wrote:

For PrivateDomains, SocialProfile and Video extension, as the maintainer I'd be more than happy to allow the tag, so please let me know what needs to be done for those repositories.

In general, I'm inclined to agree with the overall proposal of this task, but admittedly reality is a bit...different. Writing down my quick observations/notes here for future reference:

  • PrivateDomains - The only impacted message is privatedomains-instructions. This is probably the easiest of the bunch, could move the styles to a RL module and load it on the Special:PrivateDomains page but...why?
  • SocialProfile - Used by only one message (yay!) but it happens to be level-advanced-to (boo!) which is basically the top of a tech debt iceberg. It's a nightmare and it hasn't been enough many years that I'd be willing to touch that voluntarily.
  • Video extension - Like with PrivateDomains, the only offender is a "this is how you use this special page" type of message, video-addvideo-instructions, used on Special:AddVideo. It could likely be split into multiple messages (suggestions/patches on how to do that are more than welcome!), but I always figured that'd be more disruptive than anything else. In any case, the message and some of the PHP code it references could likely use another look: it's 2024, YouTube hasn't been providing Flash-only embed codes in years. (But even if and when updating the message, we do likely wanna keep some of the distinct styling in regardless.)

Thanks for the quick reply! The parent task T358384 gives more details, but basically, the current CI configuration in Gerrit doesn't allow automatic merging of translation patches that have added or updated translations with something that looks like HTML tags with the style tag. Since they can't be merged automatically, they have to be reviewed manually. It's easy, but it adds up, and the people who maintain the translations imports could do something more useful with their time. In addition, this HTML markup is (probably) the same in all the languages, so it's just copied and not translated. Though copying it's not very hard, it does take a few seconds, and translators could do something better with their time, too :)

So if it can be completely taken out of all those English messages, it would be super-nice.

Amire80 updated the task description. (Show Details)Mar 22 2024, 1:40 AM
Dreamy_Jazz added a project: Trust and Safety Product Sprint (Sprint Gangan (11th - 22nd March)).Mar 22 2024, 1:40 AM
Dreamy_Jazz moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Gangan (11th - 22nd March)) board.
Physikerwelt subscribed.Mar 22 2024, 5:56 AM

For math, there is only two such messages:

	"math-test-fail": "Test ''$1'' <span style=\"color:red\">failed</span>.",
	"math-test-success": "Test ''$1'' <span style=\"color:green\">succeeded</span>.",

I suggest removing the color. Would that be ok?

Amire80 added a comment.Mar 22 2024, 3:29 PM
In T360730#9652953, @Physikerwelt wrote:

For math, there is only two such messages:

	"math-test-fail": "Test ''$1'' <span style=\"color:red\">failed</span>.",
	"math-test-success": "Test ''$1'' <span style=\"color:green\">succeeded</span>.",

I suggest removing the color. Would that be ok?

That's certainly a possibility, but you'll lose the colors :)

It's probably not a big deal, because that page is used quite rarely.

Unlike style=, the class= attribute is allowed, so you can add classes for this to a css file, load it on that special page as a ResourceLoader module, and replace style="color:green" in the messages with something like class="ext-math-test-success". That's probably the easiest and cleanest way to keep the colors.

gerritbot added a comment.Mar 22 2024, 6:11 PM

Change #1013586 had a related patch set uploaded (by Physikerwelt; author: Physikerwelt):

[mediawiki/extensions/Math@master] Remove color from test result messages

https://gerrit.wikimedia.org/r/1013586

Physikerwelt added a comment.Mar 22 2024, 6:12 PM

As some people can't differentiate green and red it would be maybe even better to add icons... That can be done with an extra commit.

gerritbot added a comment.Mar 22 2024, 6:57 PM

Change #1013586 merged by jenkins-bot:

[mediawiki/extensions/Math@master] Remove color from test result messages

https://gerrit.wikimedia.org/r/1013586

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.24; 2024-03-26).Mar 22 2024, 7:00 PM
Amire80 updated the task description. (Show Details)Mar 22 2024, 7:04 PM
Physikerwelt unsubscribed.Mar 24 2024, 9:08 AM

Thank you @Amire80 .

gerritbot added a comment.Mar 25 2024, 2:55 PM

Change #1013431 merged by jenkins-bot:

[mediawiki/extensions/WikimediaMessages@master] Remove style attribute from wikimedia-checkuser-toollinks

https://gerrit.wikimedia.org/r/1013431

Dreamy_Jazz moved this task from Needs review to Done on the Trust and Safety Product Sprint (Sprint Gangan (11th - 22nd March)) board.Mar 25 2024, 2:57 PM

Opting to skip QA for the CheckUser related message.

Dreamy_Jazz updated the task description. (Show Details)Mar 25 2024, 2:57 PM
Amire80 moved this task from Incoming Requests to Done (Q3 2023-24) on the Language-Technical Support (Language-Technical Support (Current) ) board.Mar 26 2024, 6:47 PM
Nikerabbit moved this task from Backlog to Synchronization on the affects-translatewiki.net board.Mar 28 2024, 8:58 AM
MaryMunyoki edited projects, added Language-Technical Support; removed Language-Technical Support (Language-Technical Support (Current) ).Mon, Apr 1, 4:34 PM
MaryMunyoki moved this task from Backlog to Message fixes on the Language-Technical Support board.
Nikerabbit moved this task from Quarter Backlog to In Review on the Language-Team (Language-2024-January-March) board.Tue, Apr 2, 11:08 AM
Pginer-WMF edited projects, added Language-Team (Language-2024-April-June); removed Language-Team (Language-2024-January-March).Tue, Apr 2, 3:23 PM
Pginer-WMF moved this task from Quarter Backlog to In Review on the Language-Team (Language-2024-April-June) board.
Nikerabbit removed projects: Language-Team (Language-2024-April-June), Patch-For-Review.Thu, Apr 4, 10:30 AM
Dreamy_Jazz removed a project: CheckUser.Fri, Apr 12, 10:20 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL